Writing as the cheapest way to think clearly.
Long-form essays, runbooks, and lessons from real engagements. No SEO-fluff. If a post is here it's because someone asked the question twice and I got tired of rewriting the answer.
Detection engineering for humans: a working framework
Why most "best practice" rules fail in production, and a simpler hypothesis → rule → review loop that holds up.
Next.js 15 in anger: what server actions changed for real apps
A frank look at where server actions are great, where they bite, and how to know which tool to reach for.
You're ranking for the wrong things. Here's the buyer-journey audit.
A 4-step audit to find the keywords that actually move pipeline — and quietly retire the ones that don't.
How to break into SOC analysis without an IT degree
The exact 12-month plan I give every aspiring analyst who messages me on LinkedIn. With labs and timeline.
Tabletop exercises that don't suck: 6 scenarios that actually train the muscle
Most tabletops devolve into PowerPoint theatre. Here are scenarios that force real decisions under time pressure.
The 5-pillar content engine for B2B founders who hate marketing
A repeatable monthly content system that works even when the founder is the marketing team.
Performance budgets, not performance tips: a forcing-function approach
Why I treat Core Web Vitals like a CI check, and how to wire it up so regressions never ship.
Cloud IAM is a security problem, not a DevOps one
A short manifesto + a checklist. The boring controls that prevent 80% of cloud incidents I see.
One essay, every two Fridays.
Cybersecurity, web engineering, and the systems that connect them. Long-form. Unsponsored. Easy to unsubscribe. Currently read by 8,400 operators.